16a451e89be6e7ed5e6519c26fcc07c3424d57000d1561912f49f83cde89a705

Sharing

Copy URL

Twitter E-mail

General

Target

16a451e89be6e7ed5e6519c26fcc07c3424d57000d1561912f49f83cde89a705
Size

317KB
MD5

feaca1b0c0ad4aa0d592b0f61136f93b
SHA1

70497aef1a003fca9707bd1b87281071c401a3a8
SHA256

16a451e89be6e7ed5e6519c26fcc07c3424d57000d1561912f49f83cde89a705
SHA512

6a18af0fdd1896c4d0596b02920b26f8f626caa9d861f0e1c6d8c98f5ccfcc259c5bc5313aba15590fe772e52ddafa5aef6a23950a6011aa3089893a9b476216
SSDEEP

6144:R5TBQa5u45Frb9V9nb0ETgjPEDNeI+AQJQ5sCet/Mrxd6pb+XjPBX:R5Tia5u4Tb9vQfU+dY386x6e

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16a451e89be6e7ed5e6519c26fcc07c3424d57000d1561912f49f83cde89a705

Files

16a451e89be6e7ed5e6519c26fcc07c3424d57000d1561912f49f83cde89a705
.dll windows x86

7b5af4891f9b68993ba4f8396d3fe5cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetWindowThreadProcessId

advapi32

OpenProcessToken

oleaut32

SysAllocString

ws2_32

WSAAddressToStringA

msvcp140

?_Xout_of_range@std@@YAXPBD@Z

vcruntime140

_CxxThrowException

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-runtime-l1-1-0

_initterm

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-string-l1-1-0

isalnum

api-ms-win-crt-multibyte-l1-1-0

_mbscmp

Exports

Exports

NMCO_CallNMFunc

Sections

.text
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b5af4891f9b68993ba4f8396d3fe5cc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

ws2_32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

Exports

Exports

Sections

.text Size: - Virtual size: 64KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: - Virtual size: 2KB

.detourc Size: - Virtual size: 4KB

.detourd Size: - Virtual size: 12B

.vmp0 Size: - Virtual size: 218KB

.vmp1 Size: 269KB - Virtual size: 269KB

.reloc Size: 512B - Virtual size: 136B

.rsrc Size: 1KB - Virtual size: 36KB

.text
Size: - Virtual size: 64KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: - Virtual size: 2KB

.detourc
Size: - Virtual size: 4KB

.detourd
Size: - Virtual size: 12B

.vmp0
Size: - Virtual size: 218KB

.vmp1
Size: 269KB - Virtual size: 269KB

.reloc
Size: 512B - Virtual size: 136B

.rsrc
Size: 1KB - Virtual size: 36KB